Squirrelbuddha

**Name of the Vulnerable Software and Affected Versions** ASUSTOR ADM version 3.1.0.RFQ3 **Description** The issue is related to an unauthenticated remote code execution in the "portal/apis/aggrecate js.cgi" API endpoint. This is achieved by embedding OS commands in the `script` parameter. **Recommendations** For ASUSTOR ADM version 3.1.0.RFQ3, as a temporary workaround, consider restricting access to the "portal/apis/aggrecate js.cgi" API endpoint until a patch is available. Avoid using the `script` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.